Case Study  ·  Global B2B SaaS Platform

35,000 Attacks Eliminated.
28% Faster. 24 Hours.

A global B2B SaaS platform operating across Azure, DigitalOcean, and GCP deployed OneFirewall Alliance and eliminated all unauthorised traffic — including 35,000 daily attacks — while reducing latency by 28%.

BEFORE ONEFIREWALL 22% malicious traffic 35,000 attacks/day No SSH protection AFTER ONEFIREWALL 0 daily attacks 28% latency reduction All SSH attacks mitigated
35,000Daily attacks eliminated
28%Latency reduction
22%Malicious traffic share
12,000+Daily feeds contributed
24hTime to full resolution
0.49%Unique threats discovered

The Challenge

What Member X Was Facing

Member X is a B2B SaaS platform operating globally across three cloud providers (Azure, DigitalOcean, and GCP) with infrastructure distributed across Europe (two instances) and the US. Despite their scale, they lacked effective perimeter security — resulting in runaway attack volume threatening service availability and performance.

22% malicious traffic: Nearly a quarter of all incoming requests were unauthorised operations — bots, scanners, and attack toolkits.
35,000 attacks per day targeting web services and management consoles, overwhelming operations teams.
Cloudflare free plan only — no advanced DDoS protection, no intelligent threat blocking.
Direct, unprotected console access — SSH brute-force attempts reaching management interfaces.
24-hour deadline: The board required a full resolution within one business day.

The OneFirewall Response

Phase 1 — Threat Analysis

OneFirewall mapped all active attack patterns: automated bot traffic, SSH brute-force campaigns, and application-layer attacks across all three cloud environments. Full threat picture established in hours.

Phase 2 — Intelligence Integration

Deployed OneFirewall Alliance threat intelligence using Crime Score-based blocking — all sources scoring above 120 were immediately blocked at the edge. Real-time cross-member intelligence covered attack IPs the platform had never seen before.

Phase 3 — Preventive Controls

Deployed ACLs to block high-risk IPs, whitelisted approved remote access ranges, optimised CDN routing, and hardened all web ingress points across Azure, DigitalOcean, and GCP simultaneously.

The Results

Within 24 hours, the platform went from 35,000 daily attacks to zero — while contributing intelligence back to the Alliance that protected all other members.

35,000 daily attacks eliminated through Alliance IP blocking — no manual intervention required.
28% latency reduction — blocking malicious traffic at the edge freed bandwidth and processing for legitimate users.
All SSH and web application attacks mitigated without any manual firewall rule updates.
12,000+ daily threat feeds contributed to the Alliance — giving back intelligence that now protects 180+ other members.
0.49% unique threats identified — nearly half a percent of threats seen by this member were not in other members' data, expanding Alliance coverage.
"Perimeter security is critical for blocking malicious traffic at network edges. Real-time intelligence enabled accurate threat blocking without impacting legitimate users."

— OneFirewall Alliance, post-deployment assessment

Crime Score threshold used: ≥120 — conservative starting point for a first deployment

Get the Same Results

Want to see what OneFirewall Alliance can do for your environment? Start a Proof of Value — we'll deploy on your infrastructure and show you real threat elimination metrics within days.

Speak with OneFirewall Organize a Proof of Value